Check Point recently released a new version of CloudGuard IaaS that gives its enterprise customers significantly higher performance and better security across data centers and public and private cloud environments.

New CloudGuard IaaS features include:

Performance: CloudGuard IaaS delivers performance enhancements rapidly. The new cloud security gateway, based on Check Point’s latest R80.20 software release, achieves up to 300% performance improvement compared to the previous release, as measured by network throughput with security capabilities enabled. Customers can often expect more than double the performance of leading competitors.

Robust Threat Prevention: CloudGuard IaaS R80.20 has added over three AI engines to its impressive threat prevention capabilities, delivering higher-precision verdicts (‘HUNTRESS’), and blocking more zero-day attacks through its threat emulation and threat extraction. The gateway uses the new ‘CADET’ context-aware detection to achieve a tenfold reduction in false positive rates, and discovers even unknown bots and malicious domains using ‘Campaign Hunting’ predictive IOCs.

Support for New Machines: Keeping pace with the innovation driven by cloud service providers, the new Check Point cloud security gateways now support all the new VM models offered by leading cloud vendors, such as the C5 instance type from Amazon Web Services (AWS), and Microsoft Azure VMs with accelerated networking.

The First Certified Azure-Accelerated-Networking Compliant Vendor

Recently, Microsoft released support for accelerated networking in Azure. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path removes the host from the data path, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types.

The following picture shows communication between two VMs with and without accelerated networking:

With accelerated networking, network traffic arrives at the VM’s network interface (NIC) and is then forwarded to the VM. All network policies that the virtual switch applies are now offloaded and applied in the hardware. Applying policy in hardware enables the NIC to forward network traffic directly to the VM, bypassing the host and the virtual switch, while maintaining all the policies that were applied in the host.

End-to-End Workloads Protection with AWS Transit Gateway

AWS Transit Gateway (TGW) is a new service on AWS that allows customers to connect multiple Virtual Private Clouds (VPCs) in a scalable manner, reshaping transit VPCs. TGW allows traffic to flow between VPCs without requiring transit through the public internet.

AWS Transit Gateway allows a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across the network. It acts as a hub that routes traffic between all the connected networks, which act like spokes. This hub-and-spoke model simplifies management and reduces operational costs because each network only has to connect to the Transit Gateway to talk to the others, rather than using the internet or other methods such as VPC peering. New VPCs are connected to the Transit Gateway and are therefore automatically available to every other network. This ease of connectivity simplifies network scaling as you grow.